This piece is part of the series intended for business leaders, providing them working knowledge of various business laws. By its very nature, it is neither comprehensive nor is it supposed to replace the guidance of a law expert. Read more about this series.
No serious businessman would risk the disclosure of his business or trade secrets for the sake of a single or insignificant transaction. Even in the case of significant transactions, he would not only minimize the disclosure but would also ensure that the other party neither discloses the secret information to anybody else, nor misuses the said information for its own commercial gains.
Prior to the opening up and globalisation of the Indian economy in the early nineties, assurances of non-disclosure from the Receiving Party were by and large oral. But after coming in contact with international businesses, the practice of detailed formal contracts started appealing to Indian businessmen as well. Non-Disclosure Agreements (NDA), also calledConfidentiality Agreements,are almost universal and are found in all significant business transaction. So much so that even an exploratory interaction is preceded by execution of an NDA. The present discussion is from the point of view of the Party disclosing business secrets. The Receiving Party only has to ensure that the obligation of confidentiality on it is not too heavy and consequences of breach are not too harsh.
Templates of Non-disclosure Agreements are freely available on the Internet and so we restrict the discussion here to the key components of an NDA and the precautions to be taken while drafting or approving an inbound draft agreement.
Generally, there are two aims of a Non-disclosure Agreement. The first isto ensure non-disclosure of business secrets of the Disclosing Party (Party that has given its secrets) by theReceiving Party(Party that has received the business secrets); and second, to ensure that the said business secrets are used by the Receiving Party only for the limited purpose of the proposed transaction, and not for its personal or commercial gains.
Aside: While there are some transactions where both the Parties exchange their business secrets and both of them are quite particular as to the language and the obligations recorded in NDA, larger number of cases are those where it is one party who discloses its confidential information/business secrets.
Keeping in mind the above two aims of an NDA, both Parties agree to the object for which the information is to be utilised; and then Disclosing Party takes a call as to how much information should be disclosed.
The Object and Purposefor which the Confidential Information is being shared should be specified in restricted language and should not give freedom and scope to the Receiving Party to misuse the same.
The second, but the most important step in drafting an NDA is providing a definition of Confidential Information. Many people search the Internet for this purpose, and use the facility of “cut & paste” without the application of mind. One needs to strike a balance here. A very long and detailed definition could end up covering even not-so-confidential information and would hamper the speed of a transaction. At worst, it might even frighten away the prospective Receiving Party. On the other hand, a small and generic definition may serve no purpose at all.
The best approach which I have found useful in my practice is to (A) identify the business functions and the executives who shall interact with the Receiving Party, and (B) visualise the type of information which may be required to be disclosed (this exercise, of course, should be broad based and liberal). The next step should be to identify the formats in which the said confidential information is likely to be shared. For example, it could be in the form of Text, Numbers, Formulas, Pictures, Products, Prototypes, Computer programs, Voice and Sounds. They may be written on paper or other material or they may be digital. The communication could be through physical exchange of written or printed material, exchange of articles, transfer of information over Internet in digital format, or even by access to your portal or computer system.
Therefore, an ideal definition would be one which covers listing of all likely types of information, howsoever transmitted to the other party, whether it seems valuable or not, and whether it is designated as confidential information or not.
As long as you ensure that the type of your confidential information is covered by the definition, you need not bother if the definition covers some extra types of information.
The next step is the exclusion from the definition of confidential information. What you think is confidential, may not indeed be confidential. Therefore, the Receiving Party would try to restrict its obligation of confidentiality by excluding information, such as information already in public domain, information which it received from a third party but without obligation of confidentiality, or the information/secret knowledge which the Receiving Party has collected and created by its own efforts. Disclosing Party should check that the list does not include anything which is not justified. This clause also takes care of situations where the relevant information comes to public domain without any default on the part of the Receiving Party. Similarly, disclosure of information to the governmental or statutory authorities or court is also excluded from the scope of default. However, it is normally made mandatory for the Receiving Party to minimise the disclosure and, as far as possible, to intimate the Disclosing Party about impending requirement of disclosure. This is so that Disclosing Party may seek protective umbrella or Orders from competent authorities or court against such disclosure.
Next we consider the level of care and extent of efforts which the Receiving Party has to make to keep the information confidential. Information is shared for being used by the people and therefore need to be disclosed, but only to the authorised persons. Therefore, there should be two-fold obligation. First, to disclose it to its own people strictly on a need to know basis. In turn, such persons should be bound by the terms of the NDA, by separate individual declarations or otherwise. Second, the level of care and efforts to keep the information confidential should be higher or equal to the care which a businessman of normal prudence would take in respect of his own information of similar importance. However, such care should never be less than reasonable.
Yet another aspect of the confidentiality obligation is the period of confidentiality. The obligation should be for some period (say, two or three years) after the project under reference is either completed or abandoned. There should also be a clause for return of the confidential information or obligation to destroy the information in a reasonable manner from all methods of storage. It is a challenge to ensure the destruction of information kept in digital form. In such situations, there should also be a clause asking for a certificate from the Receiving Party that it has duly destroyed the information. One obviously necessary clause in an NDA is the indemnity obligation of the defaulting party to compensate the Disclosing Party in respect of all damages or loss incurred on account of non-observance of the confidentiality obligation or from the misuse of the Information.
Generally, an NDA does not contain an arbitration clause, perhaps because relief sought on breach of the confidentiality obligation is of urgent nature which is better taken care of by usual process of Injunction by the court of competent jurisdiction.